Analysis
max time kernel: 143s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23/04/2024, 02:53
Behavioral task behavioral1
Sample: a36e69644b9a721d1750236a3f6f35fc6116eff53cd47cd0809262ccf48691f1.dll
Resource: win7-20240221-en
2 signatures, 150 seconds

Behavioral task behavioral2
Sample: a36e69644b9a721d1750236a3f6f35fc6116eff53cd47cd0809262ccf48691f1.dll
Resource: win10v2004-20240226-en
2 signatures, 150 seconds
General
Target: a36e69644b9a721d1750236a3f6f35fc6116eff53cd47cd0809262ccf48691f1.dll
Size: 899KB
MD5: a0d095c1aef9901729c9873ebf235d74
SHA1: 4cdb3dad1b261390a5adfdea7e31c409afda5f3c
SHA256: a36e69644b9a721d1750236a3f6f35fc6116eff53cd47cd0809262ccf48691f1
SHA512: f3637899245bad8545bcca46a8ae7e68ea43fec388d51f4a3eafb8bab0c1d9d3196d4170ff0ee11a9cf4416a147ee0ff5078ebaa32162beb643e7cddcc79bfc1
SSDEEP: 24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXC:7wqd87VC
Score: 1/10
Malware Config
Signatures
Suspicious behavior: RenamesItself (1 IoC)
pid   Process
3780  rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid   Process       procid_target
PID 3140 wrote to memory of 3780   3140  rundll32.exe  92
PID 3140 wrote to memory of 3780   3140  rundll32.exe  92
PID 3140 wrote to memory of 3780   3140  rundll32.exe  92
Processes
C:\Windows\system32\rundll32.exe (PID 3140)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\a36e69644b9a721d1750236a3f6f35fc6116eff53cd47cd0809262ccf48691f1.dll,#1
  signatures: Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe (PID 3780, child of 3140)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\a36e69644b9a721d1750236a3f6f35fc6116eff53cd47cd0809262ccf48691f1.dll,#1
    signatures: Suspicious behavior: RenamesItself

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2192)
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2232 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8